The world of technology consists of many subcategories, but all of them share one common concern: security. Especially today, with the impact of the pandemic, the growing number of cyber attacks is putting companies and organizations in a difficult position. Among the most popular of these attacks are Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
DoS (Denial of Service) attacks aim to prevent access to the target system and render it unable to provide services. Every system has a limit to the amount of network traffic it can handle. If cyber attackers overwhelm the target with more traffic than it can handle, the system will slow down and eventually crash.
DDoS (Distributed Denial of Service) attacks, on the other hand, are launched from multiple sources rather than a single one. This type of attack uses botnets made up of compromised devices, also known as zombies: electronic devices that black hat hackers have taken over through various means. Once compromised, these devices act on the attackers' instructions. DDoS attacks are more effective than DoS attacks because they are launched from multiple sources, which makes detection less likely.
In DoS and DDoS attacks, the goal is not to steal data or infiltrate systems, but to disrupt the systems so that they can no longer provide services. After an attack, companies or organizations suffer both financially and psychologically because they are unable to provide services. Thanks to the capabilities provided by advancing technology, these cyber attacks are easy to carry out nowadays.
So, how can we recognize if a system is under a DoS/DDoS attack? Here are a few tips:
- Presence of abnormal network traffic in the system.
- Significant decrease in system speed or system crash.
- Excessive UDP, SYN, and GET/POST requests.
Together, these three indicators strengthen the suspicion of a DoS/DDoS attack.
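The GET/POST indicator can be checked against a web server access log. The following Python example is added here and is not part of the original article; the Common Log Format input, the window and threshold values, and the sample log lines are assumptions constructed for illustration. It flags both a single noisy source (DoS) and many low-rate sources whose combined volume is excessive (DDoS).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) \S+ [^"]*" \d{3} \S+')

def detect_http_flood(lines, window_s=10, per_ip_limit=20, total_limit=100):
    """Scan time-ordered log lines with a sliding window.

    Returns (noisy_ips, aggregate_alert). The limits are assumed values;
    derive real ones from the service's normal traffic baseline.
    """
    window = timedelta(seconds=window_s)
    per_ip, all_hits = defaultdict(deque), deque()
    noisy, aggregate = set(), False
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines and other methods
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        for q in (per_ip[ip], all_hits):
            q.append(ts)
            while ts - q[0] > window:  # drop hits older than the window
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            noisy.add(ip)       # single-source pattern (DoS)
        if len(all_hits) > total_limit:
            aggregate = True    # many quiet sources adding up (DDoS)
    return noisy, aggregate

def make_line(ip, second, method="GET"):
    # Constructed sample entry using documentation-range addresses.
    return (f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] '
            f'"{method} /login HTTP/1.1" 200 512')

# Constructed case 1: one source sends 30 requests in 3 s beside a normal client.
DOS_LOG = [make_line("203.0.113.7", i // 10) for i in range(30)] + \
          [make_line("192.0.2.10", s, "POST") for s in (3, 5, 8)]
# Constructed case 2: 30 sources send one request per second for 5 s.
DDOS_LOG = [make_line(f"198.51.100.{n}", s) for s in range(5) for n in range(30)]

if __name__ == "__main__":
    print(detect_http_flood(DOS_LOG))
    print(detect_http_flood(DDOS_LOG))
```

In the second case no single address crosses the per-source limit, so only the aggregate counter raises the alert.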
Types of DoS/DDoS Attacks:
- HTTP Flood: This attack type involves continuously sending GET/POST requests to the target.
- Volume-Based DDoS: This attack type involves sending request packets exceeding the bandwidth capacity of the target server.
- UDP Flood: In this type of attack, the attacker sends a large number of UDP packets to the target computer’s ports. The target checks the usage status of each port, and when it finds no application using the port, it responds with ICMP packets. The excessive repetition of this cycle renders the target system unusable.
- Protocol-Based DDoS: This attack is carried out by exploiting vulnerabilities in layers 3 and 4 of the OSI model.
- Application Layer DDoS: This attack type exploits vulnerabilities in the application layer (Layer 7) of the OSI model.
Other types of DoS/DDoS attacks include ICMP Flood, SYN Flood, Ping of Death, Smurf, DNS Poisoning, and Teardrop, to name a few.
To avoid falling victim to these attacks, the system infrastructure should be kept up-to-date, and the system architecture should be designed to be robust. However, these are not definitive solutions. To prevent reputational damage and avoid such attacks, regular penetration testing should be conducted, and any discovered vulnerabilities should be addressed. Cybersecurity experts can provide assistance in this regard.